Unless we’re expecting a refund from Uncle Sam, most of us are not very excited when tax season rolls around. Now, in addition to worrying about how we’ll pay back the IRS, we’re also concerned about our data. After all, 2018 was a record-breaking year for data breaches. The 2018 End-of-Year Data Breach Report from the Identity Theft Resource Center (ITRC) reveals that more than 400 million consumer records were hacked in 2018, an increase of 126% over 2017. But should that really worry those of us simply trying to handle our taxes?
The Equifax Data Breach
Tax return fraud, due to a 2017 data breach at Equifax, has many people uneasy about filing online. One of the major credit reporting agencies, Equifax, was guilty of not patching vulnerabilities. This allowed cybercriminals to gain access to the personal and financial information of nearly 145 million U.S. consumers in its system, according to the Federal Trade Commission (FTC).
“Tax ID theft is a huge problem,” says Steve Weisman, a professor at Bentley University and an expert on cyber scams. “The good news is filing taxes can be easier and more automated than ever before.”
When filing online, here are five things to keep in mind.
Five Ways to Avoid Tax-Time Data Breaches
1. File Before Fraudsters Have a Chance
To thwart scammers, file as soon as possible. Cybercriminals bet on people waiting until the mid-April deadline to file their tax returns. So, they’ll find those that will receive money, and file a fraudulent return using their Social Security number—and a phony bank account to reap the rewards. “The one thing that will work and keep you from being victimized is filing early,” Weisman says.
2. Keep Your Social Security Number Close
A person’s social security number (SSN) can provide criminals entry into their most personal information. Never give it out unless you’re sure the third-party can be trusted. It’s also a good idea to check your Social Security Administration earnings statement annually to ensure your information is accurate. Plus, it’s important to know that any reputable tax company (or the IRS) won’t ask you for this information in an email; more on that in a minute.
3. Be Password Smart
When filing online, be sure to choose a password with strength. It’s tempting to use one that you’ve used before in order to remember it, but in doing so you may release your sensitive information (you can see if your account information has already been compromised here). A reputable site will offer multi-factor authorization, which requires not just your password, but a server-generated, one-time code given to a user via another method (i.e. phone or email) that must be keyed in to access the account. It may seem like a hassle, but it can save you a lot of trouble—and potentially a lot of money. Other best practices include not allowing your computer to automatically save passwords, especially on work computers, and changing your password regularly.
4. Beware of Phishing Scams
No one wants to cross the IRS, so some cybercriminals will send a phony, IRS-looking email claiming you owe taxes and are facing fines, liens against your property, or even imprisonment if you fail to pay up. This popular phishing tactic is designed to steal money and personal information. Per the IRS website, “the IRS doesn't initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information.” If you owe the IRS, they will send you a letter to collect.
5. Stay on Top of Data Breaches
As the 2018 End-of-Year Data Breach Report from the ITRC reported, breaches are more common than ever before. Staying in-the-know can help safeguard your information and allow you to check for fraud. Not every type of stolen personal information will result in tax-related identity theft, but knowledge is power: if you hear of a breach, you can change passwords, contact the affected company, or contact your bank or creditor before the situation gets too ugly. Follow Data in Distress for the most up-to-date information on breaches, and if a problem too hard to handle arises, you can complete IRS Form 14039 (Identity Theft Affidavit) for help.
Victim of a Breach?
If you believe you may be the victim of tax-related identity theft, or your e-file tax return was rejected as a duplicate, take these steps with the IRS:
Submit an IRS Form 14039 (Identity Theft Affidavit)
Continue to file your tax return, even if you must do so by paper, and attach the Form 14039
Watch for any follow-up correspondence from the IRS and respond in a timely matter.
DSM can also help organizations of any size, across all industries, avoid data breaches through our first-class security protocols, with a complete compliance package. If you’re interested in partnering with a provider that cares about security, contact DSM today.